Commit | Line | Data |
---|---|---|
bee67bf1 DM |
1 | =A simple simulator to test our iptables rules= |
2 | ||
3 | ==Invocation== | |
4 | ||
5 | # ./fwtester.pl | |
6 | ||
7 | This scans for subdirectories named test-* and invokes fwtester.pl | |
8 | for each subdirectory with: | |
9 | ||
10 | # ./fwtester.pl test-<name>/tests | |
11 | ||
12 | ==Test directory contents== | |
13 | ||
14 | Each test directory can contain the following files: | |
15 | ||
16 | *cluster.fw Cluster wide firewall config | |
17 | ||
18 | *host.fw Host firewall config | |
19 | ||
20 | *<VMID>.fw Firewall config for VMs | |
21 | ||
22 | *tests Test descriptions | |
23 | ||
24 | ==Test description== | |
25 | ||
26 | The test description file can contain one or more tests using | |
27 | the following syntax: | |
28 | ||
29 | { from => '<zone>' , to => '<zone>', action => '<DROP|REJECT|ACCEPT>', [ source => '<ip>',] [ dest => '<ip>',] [ proto => '<tcp|udp>',] [ dport => <port>,] [ sport => <port>,] } | |
30 | ||
31 | The following <zone> definitions currently exist: | |
32 | ||
47ece390 | 33 | * host: The host itself |
bee67bf1 | 34 | |
47ece390 | 35 | * outside: The outside world (alias for 'vmbr0/eth0') |
bee67bf1 | 36 | |
47ece390 | 37 | * vm<ID>: A qemu virtual machine |
bee67bf1 | 38 | |
47ece390 | 39 | * ct<ID>: An openvz container |
bee67bf1 | 40 | |
47ece390 | 41 | * nfvm: Non firewalled VM (alias for 'vmbr0/tapXYZ') |
c0c871d8 | 42 | |
47ece390 DM |
43 | * vmbr<\d+>/<bport>: Unmanaged bridge port |
44 | ||
45 | ||
bee67bf1 DM |
46 | ==Test examples== |
47 | ||
48 | { from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' } | |
49 | { from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'} | |
50 | ||
51 | You can assign an 'id' to each test, so that you can run them separately: | |
52 | ||
53 | ./fwtester.pl -d test-basic1/tests vm2vm | |
54 |
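
A stand-alone checker for the test description syntax and zone names described above, as an added example that is not part of fwtester.pl or the original README. It parses each line with a regular expression instead of evaluating it; the patterns used for `<ID>` and `<bport>` and the 1-65535 port range are assumptions.

```python
import re

# Zones from the README's list; the patterns for <ID> and <bport> are assumptions.
ZONE_RE = re.compile(r"^(host|outside|nfvm|vm\d+|ct\d+|vmbr\d+/\S+)$")
ACTIONS = {"DROP", "REJECT", "ACCEPT"}
PROTOS = {"tcp", "udp"}
REQUIRED = {"from", "to", "action"}
OPTIONAL = {"source", "dest", "proto", "dport", "sport", "id"}
# One "key => 'string'" or "key => number" pair.
PAIR_RE = re.compile(r"(\w+)\s*=>\s*(?:'([^']*)'|(\d+))")

def parse_test(line):
    """Parse one '{ key => value, ... }' line into a dict of strings."""
    body = line.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("not a '{ ... }' test description")
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR_RE.finditer(body[1:-1])}

def lint_test(line):
    """Return the list of problems found in one test description."""
    try:
        t = parse_test(line)
    except ValueError as err:
        return [str(err)]
    keys = set(t)
    problems = [f"missing required key '{k}'" for k in sorted(REQUIRED - keys)]
    problems += [f"unknown key '{k}'" for k in sorted(keys - REQUIRED - OPTIONAL)]
    for k in ("from", "to"):
        if k in t and not ZONE_RE.match(t[k]):
            problems.append(f"{k}: unknown zone '{t[k]}'")
    if "action" in t and t["action"] not in ACTIONS:
        problems.append(f"action: '{t['action']}' is not DROP, REJECT or ACCEPT")
    if "proto" in t and t["proto"] not in PROTOS:
        problems.append(f"proto: '{t['proto']}' is not tcp or udp")
    for k in ("dport", "sport"):
        if k in t and not (t[k].isdigit() and 1 <= int(t[k]) <= 65535):
            problems.append(f"{k}: '{t[k]}' is not a port in 1-65535")
    return problems

# Constructed sample: the README's two examples plus one deliberately wrong line.
SAMPLE = """\
{ from => 'outside', to => 'ct200', dport => 22, action => 'ACCEPT' }
{ from => 'vm101', to => 'vm100', dport => 443, action => 'ACCEPT', id => 'vm2vm'}
{ from => 'internet', to => 'vm100', dport => 70000, action => 'ALLOW' }
"""

if __name__ == "__main__":
    for n, line in enumerate(SAMPLE.splitlines(), 1):
        for p in lint_test(line):
            print(f"line {n}: {p}")
```

A mistyped zone or action in a `tests` file is worth catching before a run, since a test that names the wrong zone does not exercise the rule it was written for.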